0

In javascript, I have a string like this:

"doSomething('param1','param2')"

And I want to execute it. I am aware that I could normally use 

window['doSomething']('param1', 'param2');

But that only works if my function name is separate from the arguments. In my case they are already combined. I think I can use eval() but the consensus seems to be that it should be avoided. Is there another way?

EDIT: To answer the request for more info: I am using this string like this:

<a id="YesButton" onclick="closeModalView_Yes("doSomething('param1','param2')")">

Where closeModalView_Yes will close the modal yes/no window and then execute the given function, although at times I may pass it doSomethingElse(param1) which only takes one parameter.

Improve this question
3
  • If you know what's in the string and won't be surprised ever, just use eval. I mean, you can't ever allow a user to assign the string's value. Commented Jul 31, 2013 at 19:47
  • How did you get that string, and why? Can't you make it an array ['doSomething', 'param1' 'param2']? Commented Jul 31, 2013 at 20:01
  • 1
    Why don't you pass a callback to closeModalView_Yes instead? Something like closeModalView_Yes(function () { doSomething('param1','param2'); }). Commented Jul 31, 2013 at 20:29

2 Answers 2

Reset to default
1

Use eval, just like:

eval( "console.log( 'hey', 'here I am' )" );

However eval is pretty dangerous and it's not recommended.

If you can (still we don't have much info about your case), render your JavaScript between <script> tags in your template, making it a "regular code", much easier to debug.

Also a good practice is to pass data (i.e. with JSON) rather than code. Try rethinking your logic or provide additional information.

Improve this answer
Sign up to request clarification or add additional context in comments.

4 Comments

With respect to "security", there is no difference between using eval or using a script element to execute the code though.
@FelixKling In terms of security - not much. In terms of debugging - hell yes! ;)
I agree. But since you mentioned both in the same paragraph it sounded like script was safer. Just wanted to clarify that :)
@FelixKling Agreed. Fixed the answer to avoid misunderstanding.
1 
<a id="YesButton" onclick="closeModalView_Yes("doSomething('param1','param2')")">

You really shouldn't pass that as a string, but as a function:

closeModalView_Yes(function(){ doSomething('param1','param2'); });

together with

function closeModalView_Yes(callback) {
    // do whatever needs to be done to close the window
    // and after that
    callback();
}

Btw, with your current approach the HTML is not even valid, it would need to be

<a id="YesButton" onclick="closeModalView_Yes(&quot;doSomething('param1','param2')&quot;)">
<!--                                          ^^^^^^                              ^^^^^^ -->

You could've avoided that by registering the event via javascript instead of inline attributes.

Improve this answer

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.